Tuesday, October 5, 2010

OWASP Zed Attack Proxy Project

Zed Attack Proxy has been accepted as an OWASP project

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. The current version of ZAP is 1.0.0 and it can be downloaded from the Google Code page.

The next release of OWASP ZAP, planned for later this year, is expected to include:OWASP rebrandingImprovements to the passive and active automated scannersImprovements the SpiderThe addition a basic port scannerThe ability to brute force files and directories (using components from DirBuster)Further internationalization